Description

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

Remediation

References

CVE-2008-1989

Related Vulnerabilities

CKEditor Other Vulnerability (CVE-2022-24729)

Joomla! Core 2.5.x Denial of Service (2.5.0 - 2.5.9)

WordPress Plugin Social Like Box and Page by WpDevArt Cross-Site Scripting (0.8.40)

Joomla! Core 4.x.x Multiple Vulnerabilities (4.0.0 - 4.2.6)

Oracle Database Server CVE-2006-3698 Vulnerability (CVE-2006-3698)

Severity

Critical

Classification

CVE-2008-1989 CWE-94

Tags

Missing Update Known Vulnerabilities